blueangelmnx
Posts posted by blueangelmnx
-
do you know how they solve them? there are algorithms for Rubik's cubes, they're on YouTube; search for rubik cube algorithms and you'll find the methods..
-
I installed it too.. it's cool, the interface looks like Y! 9 but there are small changes... it would have been nice if they had added Romanian too (not that I don't know English, but it's nice when someone pays attention to you)
-
what people, man... that's how they treat me too.. they're too much of hackers to look at us, the learners... you can get games from getjar.com
-
where could I find a list of what it can do in addition to the old version? thanks in advance
-
that guy was registered on about 10 pr0n and dating sites, a real little angel, yeah
-
and please tell me how to use it, because I have another one but it doesn't work
-
once again, I'm asking you, please
-
he said to give him work.. I listened to him
-
you're stupid...
-
nope... bandwidth exceeded.. maybe the guys will fix it and it will work again
-
true, but Windows can add anything to their product, people aren't obliged to buy it.. if you brought out a brand of.. let's say chocolate with hazelnuts, and others told you to put in raisins too because raisins are disadvantaged if you only put in hazelnuts, would that seem fair to you? I gave an example that came to mind in 10 seconds, don't pick on me if you don't like chocolate
-
I'd like a banner, please, with the theme... dunno.. something cstrike, but it should look professional and have IrealStrike Community written on it
thank you
-
ooh, so from now on, on sites where I find users with Yahoo mails and passwords, I'll try the passwords on Yahoo too
btw I found an account among lokipaki's ones where the guy had an avatar of himself stark naked, it made me sick and I closed it
-
Exabyte - Wikipedia, the free encyclopedia o.O wickedsick, look at yottabyte too
-
the program is good but not all of them are vulnerable.. I assume it shows all the ones that give an error, right?
off: that one with turkojanu is great @daatdraqq )))
-
man, the order by thing you use in the browser to find out the number of columns, and in that box you put the number you found! you don't use order by directly in the program
Download RST_MySQL_Exploiter_1.1_by_Fitty.exe, I uploaded it myself
-
hey, sorry for reviving the topic but I have a problem: when I start the exploit those lines load and never stop... what the heck, I've been waiting for 5 minutes..
-
I don't understand.. why did they fine them for "restricting competition by disadvantaging similar programs", how does that work.. it's their product, they choose what to put in it, since Internet Explorer is also made by Microsoft
-
again we'll have to spend money on their video cards that support DirectX 11.. probably games won't be made for the current generation of cards anymore, that sucks... and with this crisis.. but I think the games will be impressive
-
question: what can we do with it?
-
wow, I didn't even think it was possible, gj @alucardhao
-
thanks a lot, it's the best
-
Yahoo! Local Hacked
in Security news
Posted · Edited by blueangelmnx
hey, did you use Google Translate? YOU'RE A RETARD
here, the original news:
A greyhat hacker has discovered a critical SQL injection vulnerability in Yahoo! Local Neighbors discussion board website. The flaw can be used to read information about administrative and user accounts or upload a shell on the server.
Neighbors is a Yahoo! Local feature launched at the end of 2007 with the purpose of providing a place for people to exchange information about events happening in their local communities and other useful info. Yahoo! describes the site as a "practical discussion board for any topic - from neighborhood safety to contractor recommendations."
The hacker who discovered the vulnerability goes by the online nickname of "Unu" and had previously uncovered similar vulnerabilities in other high profile websites. He notes that despite finding SQL injection and cross-site scripting (XSS) vulnerabilities in Yahoo! websites before, this is the first time when he encountered a MySQL 5 server being used by the company.
The screenshots provided by the hacker reveal the databases available on the server, as well as the users with access to them. While connections with the "root" account can only be established from local IP addresses owned by Yahoo!, Unu points out that an account called "reply_mon" can be used to access the databases from any host.
Querying the database table where details about the website's admins are stored reveals their user names, e-mail addresses and publicly displayed names. Furthermore, the UserLocations table contains information about registered users, including their Yahoo! ID, address, city, state, zip code, country and e-mail.
However, one of the most dangerous finds is that the server allows load_file, which means that a writable directory can be used to execute malicious code in order to obtain command line access. The hacker notes that, from that point on, "we can do virtually anything we want with the website: upload shells, redirects, infect pages with trojan droppers, even deface the whole website."
In an e-mail to Softpedia, Unu wrote that he is an adept of responsible disclosure practices and confirmed that Yahoo! had been notified of this vulnerability in advance. "As far as I know it has been addressed," he noted.